Skip to content

Commit 53abbd3

Browse files
committed
test: describe TestConnectionTLS modes by behavior, not libs internals
The comment named elastic-agent-libs' unexported checkAllChainsFIPS and fipsVerifyNoneCallback, leaking implementation details of a dependency with no compatibility guarantee. Describe the observable strict-vs-none distinction instead.
1 parent f7768c0 commit 53abbd3

1 file changed

Lines changed: 3 additions & 3 deletions

File tree

libbeat/esleg/eslegclient/connection_test.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -243,9 +243,9 @@ func BenchmarkExecHTTPRequest(b *testing.B) {
243243
// TestConnectionTLS connects to a test HTTPS server that presents a 1024-bit
244244
// RSA certificate, which is below the FIPS 140-3 minimum of 2048 bits.
245245
// In a FIPS build the handshake must fail; in a non-FIPS build it must succeed.
246-
// Both "strict" and "none" are covered because elastic-agent-libs enforces the
247-
// FIPS key-type check through different callbacks depending on verification
248-
// mode (checkAllChainsFIPS vs. fipsVerifyNoneCallback).
246+
// Both "strict" (verifies the full certificate chain) and "none" (skips chain
247+
// building and inspects only the certificates the peer presents) are covered,
248+
// since the FIPS key-type restriction must hold on either path.
249249
func TestConnectionTLS(t *testing.T) {
250250
for _, verificationMode := range []string{"strict", "none"} {
251251
t.Run(verificationMode, func(t *testing.T) {

0 commit comments

Comments
 (0)